CN113556273A - Data transmission method of three-network cloud intercommunication system - Google Patents


Publication number
CN113556273A
Authority
CN
China
Prior art keywords
interface
gre
cloud
message
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110811273.4A
Other languages
Chinese (zh)
Inventor
胡益明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Dimiantong Information Network Co ltd
Original Assignee
Shanghai Dimiantong Information Network Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Dimiantong Information Network Co ltd
Priority to CN202110811273.4A
Publication of CN113556273A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/06 Selective distribution of broadcast services, e.g. multimedia broadcast multicast service [MBMS]; Services to user groups; One-way selective calling services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/16 Gateway arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a data transmission method of a three-network cloud intercommunication system, which is used for realizing data transmission from a private cloud server in the three-network cloud intercommunication system to a PE cloud gateway. Compared with the prior art, the invention uses GRE to encapsulate the network message received by the CPE terminal equipment and then transmits the network message to the PE cloud gateway, the GRE implementation mechanism is simple, the burden on the CPE terminal equipment and the PE cloud gateway is small, the local networks of various network protocols can be communicated through an IPv4 network, the original network architecture is effectively utilized, the cost is reduced, the defined GRE tunnel expands the working range of the network protocol with limited hop count, the flexible design of network topology by a user is supported, the GRE tunnel can encapsulate multicast data, and the safety of multicast services such as voice, video and the like can be ensured when the GRE tunnel is combined with IPSec for use.

Description

Data transmission method of three-network cloud intercommunication system
Technical Field
The invention relates to the technical field of computer application, in particular to a data transmission method of a three-network cloud intercommunication system.
Background
Enterprise users connect to the Internet through private lines, and to do so they need to connect through a carrier network. With the rapid development of cloud computing technology, cloud platforms are applied more and more widely. As enterprise users grow in scale, many of them deploy public clouds with cloud service providers to reduce construction and maintenance costs, while also keeping enterprise private clouds as needed. How to interconnect these multiple clouds through optical fibers has become a problem to be solved urgently, which gave rise to cloud private line interconnection, in which enterprise users access a cloud server through a deployed private network.
However, in many enterprise users, the dedicated enterprise internet line and the dedicated cloud line are deployed in sequence, and the dedicated enterprise internet line and the dedicated cloud line are mutually independent optical fibers, which causes waste of optical fiber resources and high deployment cost on one hand, and brings inconvenience in management on the other hand.
Chinese patent CN213244039U discloses a three-network cloud intercommunication system based on a multi-cloud aggregation connection technology, wherein a core gateway connected to an operator network, a PE cloud gateway connected to a public cloud network, and a PE gateway connected to the core gateway and the PE cloud gateway, respectively, are arranged on a three-network cloud intercommunication platform; in a user network, user terminal equipment is connected with a PE gateway through an optical fiber, and a private cloud server is connected with the PE cloud gateway through AR terminal equipment; through the three-network cloud intercommunication system, a user can access the Internet and establish a cloud special line with a plurality of public cloud platforms, so that optical fiber resources are saved, the access cost is low, the implementation is simple and convenient, and the technology is novel.
However, when the method is specifically implemented, data of the private cloud server of the user is sent to the AR terminal device through the network protocol, and then sent to the PE cloud gateway through the AR terminal device.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provides a data transmission method of a three-network cloud intercommunication system, GRE is used for encapsulating network messages received by CPE terminal equipment and then transmitting the network messages to a PE cloud gateway, the GRE implementation mechanism is simple, the burden on the CPE terminal equipment and the PE cloud gateway is small, a plurality of network protocol local networks can be communicated through an IPv4 network, the original network architecture is effectively utilized, the cost is reduced, the defined GRE tunnel expands the working range of the network protocol with limited hop number, the flexible design of a network topology is supported for users, the GRE tunnel can encapsulate multicast data, and when the GRE tunnel is used in combination with the IPSec protocol, the safety of multicast services such as voice, video and the like can be ensured.
The purpose of the invention can be realized by the following technical scheme:
a data transmission method of a three-network cloud intercommunication system is used for realizing data transmission from a private cloud server to a PE cloud gateway in the three-network cloud intercommunication system, the three-network cloud intercommunication system comprises a three-network cloud intercommunication platform, CPE terminal equipment, a user network, an operator network and a public cloud network, and a core gateway, the PE cloud gateway and the PE gateway are arranged on the three-network cloud intercommunication platform; the user network comprises user terminal equipment and a private cloud server, wherein the user terminal equipment is connected with a PE (provider edge) gateway of the three-network cloud intercommunication platform through an optical fiber, and the private cloud server is connected with the PE cloud gateway of the three-network cloud intercommunication platform through CPE (customer premise equipment) terminal equipment; the core gateway is connected with an operator network, the PE cloud gateway is connected with a public cloud network, and the PE gateway is respectively connected with the core gateway and the PE cloud gateway;
the private cloud server sends data to CPE terminal equipment through a network protocol, the CPE terminal equipment uses a GRE protocol to package the data sent through the network protocol to obtain a GRE message to be transmitted, a GRE Tunnel, namely a GRE-Tunnel, used for transmitting the GRE message is defined between the CPE terminal equipment and a PE cloud gateway of a three-network cloud intercommunication platform, the GRE message is transmitted in the GRE Tunnel, and the PE cloud gateway unpacks the received GRE message.
Further, the private cloud server sends data to the CPE terminal device through an ethernet protocol, the CPE terminal device encapsulates the data sent through the ethernet protocol by using a GRE protocol to obtain a GRE packet to be transmitted, the GRE packet is sent to a PE cloud gateway of the three-network cloud interworking platform, and the PE cloud gateway decapsulates the received GRE packet.
Furthermore, the transmission process of the GRE message uses IPSec protocol to encrypt and verify.
Further, encapsulating data sent over an ethernet protocol using the GRE protocol includes the steps of:
a1, binding a two-layer VE interface VE0/0/2 on a physical Ethernet interface GE2/0/0 at the LAN side of CPE terminal equipment, and binding a two-layer VE interface VE0/0/1 on a Tunnel interface Tunnel0/0/1 at the WAN side of the CPE terminal equipment;
a2, a physical Ethernet interface GE2/0/0 of a CPE terminal equipment LAN side receives an Ethernet message sent by a private cloud server through an Ethernet protocol, wherein the Ethernet message carries VLAN Tag information;
a3, the physical Ethernet interface GE2/0/0 forwards the received Ethernet message to the two-layer VE interface VE0/0/2, interface VLAN processing is performed on the Ethernet message on the two-layer VE interface VE0/0/2 based on VLAN Tag information, two-layer forwarding is performed in the CPE terminal equipment, and the Ethernet message is forwarded to the two-layer VE interface VE0/0/1;
a4, performing interface VLAN processing on the Ethernet message on a two-layer VE interface VE0/0/1 based on VLAN Tag information, forwarding the Ethernet message to a Tunnel interface Tunnel0/0/1, obtaining a GRE message to be transmitted after GRE encapsulation, transmitting the GRE message to a PE cloud gateway through a GRE Tunnel by a Tunnel interface Tunnel0/0/1 on CPE terminal equipment, wherein the GRE message carries protocol codes.
Further, the decapsulating, by the PE cloud gateway, the received GRE packet includes the following steps:
a5, a Tunnel0/0/1 interface on a PE cloud gateway receives a GRE message sent by CPE terminal equipment, the GRE message is decapsulated on the Tunnel0/0/1 interface to obtain an Ethernet message sent by an Ethernet protocol, and the Ethernet message is forwarded to the two-layer VE interface VE0/0/1 of the PE cloud gateway according to a protocol code carried by the GRE message;
a6, performing interface-in VLAN processing on the Ethernet message on a second-layer VE interface VE0/0/1 based on VLAN Tag information, performing second-layer forwarding in a PE cloud gateway, forwarding the Ethernet message to a second-layer VE interface VE0/0/2, and performing interface-out VLAN processing on the Ethernet message on a second-layer VE interface VE0/0/1 based on VLAN Tag information;
a7, the Ethernet message carries the latest VLAN Tag information, and the Ethernet message is sent to the next node of the three-network cloud intercommunication system through the Ethernet interface GE2/0/0 on the PE cloud gateway.
Further, besides the Ethernet protocol, a 5G wireless communication protocol is also supported: the private cloud server sends data to the CPE terminal device through the 5G wireless communication protocol, the CPE terminal device encapsulates the data sent through the 5G wireless communication protocol using a GRE protocol to obtain a GRE packet to be transmitted, the GRE tunnel between the CPE terminal device and a PE cloud gateway of the three-network cloud interworking platform is an mGRE tunnel, the GRE packet is sent to the PE cloud gateway of the three-network cloud interworking platform, and the PE cloud gateway decapsulates the received GRE packet.
Furthermore, the transmission process of the GRE message uses IPSec protocol to encrypt and verify.
Further, encapsulating data sent over the 5G wireless communication protocol using the GRE protocol includes the steps of:
b1, binding a two-layer VE interface VE0/0/2 on a physical Ethernet interface GE0 at the LAN side of CPE terminal equipment, and binding a two-layer VE interface VE0/0/1 on a Tunnel interface Tunnel0/0/1 at the WAN side of the CPE terminal equipment;
b2, a physical Ethernet interface GE0 at the LAN side of CPE terminal equipment receives an Ethernet message sent by a private cloud server through a 5G wireless communication protocol, wherein the Ethernet message carries VLAN Tag information;
b3, the physical Ethernet interface GE0 forwards the received Ethernet message to the two-layer VE interface VE0/0/2, interface-in VLAN processing is performed on the two-layer VE interface VE0/0/2 based on VLAN Tag information, two-layer forwarding is performed in the CPE terminal equipment, and the Ethernet message is forwarded to the two-layer VE interface VE0/0/1;
b4, performing interface VLAN processing on the Ethernet message on a two-layer VE interface VE0/0/1 based on VLAN Tag information, forwarding the Ethernet message to a Tunnel interface Tunnel0/0/1, obtaining a GRE message to be transmitted after GRE encapsulation, transmitting the GRE message to a PE cloud gateway through an mGRE Tunnel through a Tunnel interface Tunnel0/0/1 on CPE terminal equipment, wherein the GRE message carries protocol codes.
Further, the decapsulating, by the PE cloud gateway, the received GRE packet includes the following steps:
b5, a Tunnel0/0/1 interface on the PE cloud gateway receives a GRE message sent by CPE terminal equipment, the GRE message is decapsulated on the Tunnel0/0/1 interface to obtain an Ethernet message sent by a 5G wireless communication protocol, and the Ethernet message is forwarded to a two-layer VE interface VE0/0/1 of the PE cloud gateway according to a protocol code carried by the GRE message;
b6, performing interface-in VLAN processing on the Ethernet message on a second-layer VE interface VE0/0/1 based on VLAN Tag information, performing second-layer forwarding in a PE cloud gateway, forwarding the Ethernet message to a second-layer VE interface VE0/0/2, and performing interface-out VLAN processing on the Ethernet message on a second-layer VE interface VE0/0/1 based on VLAN Tag information;
b7, the Ethernet message carries the latest VLAN Tag information, and the Ethernet message is sent to the next node of the three-network cloud intercommunication system through an Ethernet interface GE2/0/0 on the PE cloud gateway.
Further, the CPE terminal device is a routing terminal device.
Compared with the prior art, the invention uses GRE to encapsulate the network message received by the CPE terminal equipment and then transmits the network message to the PE cloud gateway, the GRE implementation mechanism is simple, the burden on the CPE terminal equipment and the PE cloud gateway is small, the local networks of various network protocols can be communicated through an IPv4 network, the original network architecture is effectively utilized, the cost is reduced, the defined GRE tunnel expands the working range of the network protocol with limited hop count, the flexible design of network topology by a user is supported, the GRE tunnel can encapsulate multicast data, and the safety of multicast services such as voice, video and the like can be ensured when the GRE tunnel is combined with IPSec for use.
Drawings
FIG. 1 is a schematic view of the present invention;
Reference numerals: 1, three-network cloud intercommunication platform; 2, CPE terminal equipment; 3, user network; 4, operator network; 5, public cloud network.
Detailed Description
The invention is described in detail below with reference to the figures and specific embodiments. The present embodiment is implemented on the premise of the technical solution of the present invention, and a detailed implementation manner and a specific operation process are given, but the scope of the present invention is not limited to the following embodiments.
Example 1:
a data transmission method of a three-network cloud intercommunication system is used for realizing data transmission from a private cloud server in the three-network cloud intercommunication system to a PE cloud gateway.
As shown in fig. 1, the three-network cloud interworking system includes a three-network cloud interworking platform 1, CPE terminal equipment 2, a user network 3, an operator network 4, and a public cloud network 5, where the three-network cloud interworking platform 1 is provided with a core gateway, a PE cloud gateway, and a PE gateway; the user network 3 comprises user terminal equipment and a private cloud server, wherein the user terminal equipment is connected with a PE (provider edge) gateway of the three-network cloud intercommunication platform 1 through an optical fiber, and the private cloud server is connected with the PE cloud gateway of the three-network cloud intercommunication platform 1 through a CPE (customer premise equipment) terminal equipment 2; the core gateway is connected with an operator network 4, the PE cloud gateway is connected with a public cloud network 5, and the PE gateway is respectively connected with the core gateway and the PE cloud gateway; the CPE terminal device 2 is a routing terminal device.
In the data transmission process, the private cloud server sends data to the CPE terminal device 2 through a network protocol, the CPE terminal device 2 encapsulates the data sent through the network protocol by using a GRE protocol to obtain a GRE message to be transmitted, a GRE Tunnel for GRE message transmission, namely a GRE-Tunnel, is defined between the CPE terminal device 2 and a PE cloud gateway of the three-network cloud intercommunication platform 1, the GRE message is transmitted in the GRE Tunnel, and the PE cloud gateway decapsulates the received GRE message.
GRE (Generic Routing Encapsulation) is a Layer 3 tunnel encapsulation technology. It provides a mechanism for encapsulating messages of one protocol in messages of another protocol so that they can be transmitted transparently through a GRE tunnel. By encapsulating datagrams of certain network layer protocols (such as IPX, ATM, IPv6, Ethernet and the like), GRE allows the encapsulated data messages to be transmitted in an IPv4 network, which solves the transmission problem of heterogeneous networks.
Suppose device A receives an X protocol message that needs to be forwarded to device B, but the network protocol between device A and device B is the C protocol. The X protocol message can be encapsulated with the GRE protocol (i.e. the X protocol message plus a GRE header), and a C protocol header is then added, so that the message can be sent from device A to device B. After device B receives the message, it first strips the C protocol header and then hands the message to the GRE protocol, which strips the GRE header to recover the original X protocol message.
GRE encapsulation of the data sent by the private cloud server through a network protocol is carried out at a port of the CPE terminal equipment 2; the port type can be transparent transmission or a tagged mode carrying a VLAN.
(I) Ethernet protocol
If the private cloud server sends the data to the CPE terminal equipment 2 through the Ethernet protocol, the CPE terminal equipment 2 uses the GRE protocol to encapsulate the data sent through the Ethernet protocol to obtain a GRE message to be transmitted, the GRE message is sent to a PE cloud gateway of the three-network cloud intercommunication platform 1, and the PE cloud gateway de-encapsulates the received GRE message, and the method comprises the following steps:
a1, binding a two-layer VE interface VE0/0/2 on a physical Ethernet interface GE2/0/0 at the LAN side of CPE terminal equipment 2, and binding a two-layer VE interface VE0/0/1 on a Tunnel interface Tunnel0/0/1 at the WAN side of the CPE terminal equipment 2;
a2, a physical Ethernet interface GE2/0/0 at the LAN side of CPE terminal equipment 2 receives an Ethernet message sent by a private cloud server through an Ethernet protocol, wherein the Ethernet message carries VLAN Tag information;
a3, the physical Ethernet interface GE2/0/0 forwards the received Ethernet message to the two-layer VE interface VE0/0/2, interface VLAN processing is performed on the Ethernet message on the two-layer VE interface VE0/0/2 based on VLAN Tag information, two-layer forwarding is performed in CPE terminal equipment 2, and the Ethernet message is forwarded to the two-layer VE interface VE0/0/1;
a4, performing interface VLAN processing on an Ethernet message on a two-layer VE interface VE0/0/1 based on VLAN Tag information, forwarding the Ethernet message to a Tunnel interface Tunnel0/0/1, obtaining a GRE message to be transmitted after GRE encapsulation, transmitting the GRE message to a PE cloud gateway through a Tunnel interface Tunnel0/0/1 on CPE terminal equipment 2, wherein the GRE message carries a protocol code, and the protocol code is 0x6558;
a5, a Tunnel0/0/1 interface on a PE cloud gateway receives a GRE message sent by CPE terminal equipment 2, the GRE message is unpacked on the Tunnel0/0/1 interface to obtain an Ethernet message sent by an Ethernet protocol, and after a protocol code is checked to be 0x6558, the Ethernet message is forwarded to a two-layer VE interface VE0/0/1 of the PE cloud gateway according to the protocol code carried by the GRE message;
a6, performing interface-in VLAN processing on the Ethernet message on a second-layer VE interface VE0/0/1 based on VLAN Tag information, performing second-layer forwarding in a PE cloud gateway, forwarding the Ethernet message to a second-layer VE interface VE0/0/2, and performing interface-out VLAN processing on the Ethernet message on a second-layer VE interface VE0/0/1 based on VLAN Tag information;
a7, the Ethernet message carries the latest VLAN Tag information, and the Ethernet message is sent to the next node of the three-network cloud intercommunication system through the Ethernet interface GE2/0/0 on the PE cloud gateway.
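The GRE encapsulation of step a4 and the receiver-side check of step a5 can be sketched as follows. This is an added example, not code from the patent: it builds the GRE header of RFC 2784 with the optional checksum, key and sequence fields of RFC 2890, and the MAC addresses, VLAN ID, key value and function names are constructed for illustration. The outer IPv4 header (protocol 47) is omitted.

```python
import struct

GRE_PROTO_TEB = 0x6558   # protocol code from steps a4/a5: the GRE payload is an Ethernet frame
TPID_8021Q = 0x8100      # EtherType value that marks an 802.1Q VLAN tag
GRE_F_CSUM, GRE_F_KEY, GRE_F_SEQ = 0x8000, 0x2000, 0x1000  # RFC 2784 / RFC 2890 flags
GRE_F_LEGACY = 0x4C00    # RFC 1701 bits 1, 4 and 5: RFC 2784 says discard when set
GRE_VERSION_MASK = 0x0007


class GREError(ValueError):
    """Raised when a received GRE packet must be dropped."""


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum used by the optional GRE checksum field."""
    if len(data) % 2:
        data = data + b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_vlan_frame(dst, src, vlan_id, ethertype, payload):
    """Constructed stand-in for the VLAN-tagged frame received in step a2."""
    if not 0 < vlan_id < 4095:
        raise ValueError("VLAN ID must be 1..4094")
    return dst + src + struct.pack("!HHH", TPID_8021Q, vlan_id, ethertype) + payload


def vlan_id_of(frame):
    """Return the 802.1Q VLAN ID of an Ethernet frame, or None if it is untagged."""
    if len(frame) < 18 or struct.unpack_from("!H", frame, 12)[0] != TPID_8021Q:
        return None
    return struct.unpack_from("!H", frame, 14)[0] & 0x0FFF


def gre_encapsulate(frame, key=None, seq=None, checksum=False):
    """Step a4: prepend a GRE header whose protocol type is 0x6558."""
    flags, fields = 0, []
    if checksum:
        flags |= GRE_F_CSUM
        fields.append(b"\x00\x00\x00\x00")       # checksum + reserved1, filled in below
    if key is not None:
        flags |= GRE_F_KEY
        fields.append(struct.pack("!I", key))
    if seq is not None:
        flags |= GRE_F_SEQ
        fields.append(struct.pack("!I", seq))
    packet = bytearray(struct.pack("!HH", flags, GRE_PROTO_TEB) + b"".join(fields) + frame)
    if checksum:
        struct.pack_into("!H", packet, 4, inet_checksum(bytes(packet)))
    return bytes(packet)


def gre_decapsulate(packet, expected_key=None):
    """Step a5: validate the GRE header, then return (inner frame, key, seq)."""
    try:
        flags, proto = struct.unpack_from("!HH", packet, 0)
        if flags & GRE_VERSION_MASK:
            raise GREError("unsupported GRE version")
        if flags & GRE_F_LEGACY:
            raise GREError("RFC 1701 routing bits set")
        if proto != GRE_PROTO_TEB:
            raise GREError(f"unexpected protocol code 0x{proto:04x}")
        offset, key, seq = 4, None, None
        if flags & GRE_F_CSUM:
            struct.unpack_from("!HH", packet, offset)   # length check only
            if inet_checksum(packet) != 0:
                raise GREError("bad GRE checksum")
            offset += 4
        if flags & GRE_F_KEY:
            (key,) = struct.unpack_from("!I", packet, offset)
            offset += 4
        if flags & GRE_F_SEQ:
            (seq,) = struct.unpack_from("!I", packet, offset)
            offset += 4
    except struct.error:
        raise GREError("truncated GRE header") from None
    if key != expected_key:
        raise GREError("unexpected tunnel key")
    frame = packet[offset:]
    if len(frame) < 14:
        raise GREError("inner frame shorter than an Ethernet header")
    return frame, key, seq


if __name__ == "__main__":
    # Constructed sample input: locally administered MACs, VLAN 100, IPv4 EtherType.
    frame = build_vlan_frame(bytes.fromhex("020000000002"), bytes.fromhex("020000000001"),
                             100, 0x0800, b"payload")
    pkt = gre_encapsulate(frame, key=7, seq=1, checksum=True)
    inner, key, seq = gre_decapsulate(pkt, expected_key=7)
    print(pkt[:4].hex(), vlan_id_of(inner), key, seq)
```

The GRE key and checksum are not authentication: both travel in cleartext and can be recomputed by anyone on the path, which is why the method pairs the tunnel with IPSec.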
(II) 5G wireless communication
In fact, in the connection between the private cloud server and the CPE terminal device 2, the ethernet protocol can be used under normal conditions, the 5G communication is used as a backup in case of a fault, and the switching to the standby 5G channel within 50ms can be realized by combining a bidirectional route detection mechanism and a fast reroute switching technology, so that the flexibility of product networking is improved, and the method has a high market value.
The 5G wireless link is established by dialing, and this application encapsulates the wireless traffic in mGRE. An mGRE tunnel interface is a point-to-multipoint logical interface provided to implement a dynamic virtual private network protocol, and comprises a source address, a destination address and a tunnel interface IP address.
The private cloud server sends data to the CPE terminal equipment 2 through a 5G wireless communication protocol, the CPE terminal equipment 2 uses a GRE protocol to package the data sent through the 5G wireless communication protocol to obtain a GRE message to be transmitted, a GRE tunnel between the CPE terminal equipment 2 and a PE cloud gateway of the three-network cloud intercommunication platform 1 is an mGRE tunnel, the GRE message is sent to the PE cloud gateway of the three-network cloud intercommunication platform 1, and the PE cloud gateway decapsulates the received GRE message.
Unlike a GRE tunnel interface, whose destination address is specified manually, the destination address of an mGRE tunnel interface comes from the NHRP address resolution protocol, and a plurality of GRE tunnels and a plurality of GRE peers can exist on one mGRE tunnel interface. NHRP is the next hop address resolution protocol. Ethernet over mGRE transmits messages of the Ethernet protocol in another network layer protocol (such as IPv4) after GRE encapsulation, and comprises the following steps:
b1, binding a two-layer VE interface VE0/0/2 on a physical Ethernet interface GE0 at the LAN side of CPE terminal equipment 2, and binding a two-layer VE interface VE0/0/1 on a Tunnel interface Tunnel0/0/1 at the WAN side of CPE terminal equipment 2;
b2, a physical Ethernet interface GE0 at the LAN side of CPE terminal equipment 2 receives an Ethernet message sent by a private cloud server through a 5G wireless communication protocol, wherein the Ethernet message carries VLAN Tag information;
b3, the physical Ethernet interface GE0 forwards the received Ethernet message to the two-layer VE interface VE0/0/2, interface-in VLAN processing is performed on the two-layer VE interface VE0/0/2 based on VLAN Tag information, two-layer forwarding is performed in CPE terminal equipment 2, and the Ethernet message is forwarded to the two-layer VE interface VE0/0/1;
b4, performing interface VLAN processing on the Ethernet message on a two-layer VE interface VE0/0/1 based on VLAN Tag information, forwarding the Ethernet message to a Tunnel interface Tunnel0/0/1, obtaining a GRE message to be transmitted after GRE encapsulation, transmitting the GRE message to a PE cloud gateway through an mGRE Tunnel through a Tunnel interface Tunnel0/0/1 on CPE terminal equipment 2, wherein the GRE message carries a protocol code, and the protocol code is 0x6558;
b5, a Tunnel0/0/1 interface on the PE cloud gateway receives a GRE message sent by CPE terminal equipment 2, the GRE message is unpacked on the Tunnel0/0/1 interface to obtain an Ethernet message sent by a 5G wireless communication protocol, and after a protocol code is checked to be 0x6558, the Ethernet message is forwarded to a two-layer VE interface VE0/0/1 of the PE cloud gateway according to the protocol code carried by the GRE message;
b6, performing interface-in VLAN processing on the Ethernet message on a second-layer VE interface VE0/0/1 based on VLAN Tag information, performing second-layer forwarding in a PE cloud gateway, forwarding the Ethernet message to a second-layer VE interface VE0/0/2, and performing interface-out VLAN processing on the Ethernet message on a second-layer VE interface VE0/0/1 based on VLAN Tag information;
b7, the Ethernet message carries the latest VLAN Tag information, and the Ethernet message is sent to the next node of the three-network cloud intercommunication system through an Ethernet interface GE2/0/0 on the PE cloud gateway.
In the above data transmission process, the GRE packet is transmitted by using IPSec protocol for encryption and authentication to ensure the security of communication, and IPSec ensures the secure transmission of user service data in Internet from the following aspects by means of encryption and authentication, etc.:
data source verification: the receiver verifies whether the identity of the sender is legal.
Data encryption: the sender encrypts the data and transmits the data on the Internet in a ciphertext mode, and the receiver decrypts and processes or directly forwards the received encrypted data.
Data integrity: the receiver verifies the received data to determine whether the message is tampered.
Anti-replay: the receiver rejects old or repeated data packets, preventing attacks in which malicious users repeatedly send captured data packets.
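The receiver-side order of the checks listed above can be sketched as follows. This is an added example, not code from the patent and not the ESP wire format: it models the sliding-window anti-replay check of RFC 4303 together with an HMAC integrity value, and the packet layout, key, window size and names are assumptions. Encryption is left out.

```python
import hashlib
import hmac
import struct

WINDOW = 64     # anti-replay window size in packets (assumed)
ICV_LEN = 16    # truncated HMAC-SHA256 integrity check value (assumed)


def protect(auth_key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: sequence number + payload + ICV over both."""
    body = struct.pack("!I", seq) + payload
    return body + hmac.new(auth_key, body, hashlib.sha256).digest()[:ICV_LEN]


class ReplayProtectedReceiver:
    def __init__(self, auth_key: bytes):
        self.key = auth_key
        self.highest = 0   # highest sequence number that passed authentication
        self.bitmap = 0    # bit i set => sequence (highest - i) already accepted

    def _replay_ok(self, seq: int) -> bool:
        if seq == 0:
            return False                      # sequence numbers start at 1
        if seq > self.highest:
            return True                       # to the right of the window
        diff = self.highest - seq
        if diff >= WINDOW:
            return False                      # too old, left of the window
        return not (self.bitmap >> diff) & 1  # inside the window: reject duplicates

    def _advance(self, seq: int) -> None:
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)

    def receive(self, packet: bytes) -> str:
        if len(packet) < 4 + ICV_LEN:
            return "drop: truncated"
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        (seq,) = struct.unpack_from("!I", body)
        # 1. Cheap replay pre-check before spending time on cryptography.
        if not self._replay_ok(seq):
            return "drop: replay"
        # 2. Data source verification and integrity: constant-time ICV comparison.
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            return "drop: bad ICV"
        # 3. Only an authenticated packet may move the window; otherwise a forged
        #    high sequence number would make the receiver drop genuine traffic.
        self._advance(seq)
        return "accept"


if __name__ == "__main__":
    key = b"constructed-demo-key-32-bytes..."   # constructed sample key
    rx = ReplayProtectedReceiver(key)
    first = protect(key, 1, b"gre packet 1")
    print(rx.receive(first))                    # first copy of the packet
    print(rx.receive(first))                    # captured copy sent again
    print(rx.receive(protect(b"other key", 4_000_000, b"forged")))
    print(rx.highest)
```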
The foregoing detailed description of the preferred embodiments of the invention has been presented. It should be understood that numerous modifications and variations could be devised by those skilled in the art in light of the present teachings without departing from the inventive concepts. Therefore, the technical solutions available to those skilled in the art through logic analysis, reasoning and limited experiments based on the prior art according to the concept of the present invention should be within the scope of protection defined by the claims.

Claims (10)

1. A data transmission method of a three-network cloud intercommunication system is used for realizing data transmission from a private cloud server to a PE cloud gateway in the three-network cloud intercommunication system, the three-network cloud intercommunication system comprises a three-network cloud intercommunication platform (1), CPE terminal equipment (2), a user network (3), an operator network (4) and a public cloud network (5), and a core gateway, the PE cloud gateway and the PE gateway are arranged on the three-network cloud intercommunication platform (1); the user network (3) comprises user terminal equipment and a private cloud server, wherein the user terminal equipment is connected with a PE (provider edge) gateway of the three-network cloud intercommunication platform (1) through an optical fiber, and the private cloud server is connected with the PE cloud gateway of the three-network cloud intercommunication platform (1) through CPE (customer premise equipment) terminal equipment (2); the core gateway is connected with an operator network (4), the PE cloud gateway is connected with a public cloud network (5), and the PE gateway is respectively connected with the core gateway and the PE cloud gateway; the method is characterized in that:
the private cloud server sends data to CPE terminal equipment (2) through a network protocol, the CPE terminal equipment (2) uses a GRE protocol to package the data sent through the network protocol to obtain a GRE message to be transmitted, a GRE Tunnel, namely GRE-Tunnel, used for transmitting the GRE message is defined between the CPE terminal equipment (2) and a PE cloud gateway of a three-network cloud intercommunication platform (1), the GRE message is transmitted in the GRE Tunnel, and the PE cloud gateway decapsulates the received GRE message.
2. The data transmission method of the three-network cloud intercommunication system according to claim 1, wherein the private cloud server sends data to the CPE terminal device (2) through an ethernet protocol, the CPE terminal device (2) encapsulates the data sent through the ethernet protocol by using a GRE protocol to obtain a GRE packet to be transmitted, the GRE packet is sent to a PE cloud gateway of the three-network cloud intercommunication platform (1), and the PE cloud gateway decapsulates the received GRE packet.
3. The data transmission method of the three-network cloud intercommunication system according to claim 2, wherein the GRE packet is encrypted and verified by using an IPSec protocol in the transmission process.
4. The data transmission method of the three-network cloud interworking system according to claim 2, wherein encapsulating data sent by an ethernet protocol using a GRE protocol comprises the steps of:
a1, binding a two-layer VE interface VE0/0/2 on a physical Ethernet interface GE2/0/0 at the LAN side of CPE terminal equipment (2), and binding a two-layer VE interface VE0/0/1 on a Tunnel interface Tunnel0/0/1 at the WAN side of the CPE terminal equipment (2);
a2, a physical Ethernet interface GE2/0/0 of a LAN side of CPE terminal equipment (2) receives an Ethernet message sent by a private cloud server through an Ethernet protocol, wherein the Ethernet message carries VLAN Tag information;
a3, the physical Ethernet interface GE2/0/0 forwards the received Ethernet message to the second-layer VE interface VE0/0/2, interface VLAN processing is performed on the Ethernet message on the second-layer VE interface VE0/0/2 based on the VLAN Tag information, second-layer forwarding is performed in the CPE terminal equipment (2), and the Ethernet message is forwarded to the second-layer VE interface VE0/0/1;
a4, performing interface VLAN processing on the Ethernet message on the two-layer VE interface VE0/0/1 based on the VLAN Tag information, forwarding the Ethernet message to the Tunnel interface Tunnel0/0/1, obtaining the GRE message to be transmitted after GRE encapsulation, and transmitting the GRE message to the PE cloud gateway through the GRE Tunnel via the Tunnel interface Tunnel0/0/1 on the CPE terminal equipment (2), wherein the GRE message carries a protocol code.
5. The data transmission method of the three-network cloud intercommunication system according to claim 4, wherein the decapsulating of the received GRE message by the PE cloud gateway comprises the following steps:
a5, a Tunnel0/0/1 interface on a PE cloud gateway receives a GRE message sent by CPE terminal equipment (2), the GRE message is decapsulated on the Tunnel0/0/1 interface to obtain an Ethernet message sent by an Ethernet protocol, and the Ethernet message is forwarded to a two-layer VE interface VE0/0/1 of the PE cloud gateway according to a protocol code carried by the GRE message;
a6, performing interface-in VLAN processing on the Ethernet message on a second-layer VE interface VE0/0/1 based on VLAN Tag information, performing second-layer forwarding in a PE cloud gateway, forwarding the Ethernet message to a second-layer VE interface VE0/0/2, and performing interface-out VLAN processing on the Ethernet message on a second-layer VE interface VE0/0/1 based on VLAN Tag information;
a7, the Ethernet message carries the latest VLAN Tag information, and the Ethernet message is sent to the next node of the three-network cloud intercommunication system through the Ethernet interface GE2/0/0 on the PE cloud gateway.
6. The data transmission method of the three-network cloud intercommunication system according to claim 1, wherein the private cloud server sends data to the CPE terminal device (2) through a 5G wireless communication protocol, the CPE terminal device (2) encapsulates the data sent through the 5G wireless communication protocol by using a GRE protocol to obtain a GRE message to be transmitted, a GRE tunnel between the CPE terminal device (2) and a PE cloud gateway of the three-network cloud intercommunication platform (1) is an mGRE tunnel, the GRE message is sent to the PE cloud gateway of the three-network cloud intercommunication platform (1), and the PE cloud gateway decapsulates the received GRE message.
7. The data transmission method of the three-network cloud interworking system according to claim 6, wherein an IPSec protocol is used for encryption and authentication in the transmission process of the GRE packet.
8. The data transmission method of the three-network cloud interworking system according to claim 6, wherein encapsulating data sent by a 5G wireless communication protocol using a GRE protocol comprises the steps of:
b1, binding a two-layer VE interface VE0/0/2 on a physical Ethernet interface GE0 at the LAN side of the CPE terminal equipment (2), and binding a two-layer VE interface VE0/0/1 on a Tunnel interface Tunnel0/0/1 at the WAN side of the CPE terminal equipment (2);
b2, a physical Ethernet interface GE0 at the LAN side of CPE terminal equipment (2) receives an Ethernet message sent by a private cloud server through a 5G wireless communication protocol, wherein the Ethernet message carries VLAN Tag information;
b3, the physical Ethernet interface GE0 forwards the received Ethernet message to the second-layer VE interface VE0/0/2, interface-in VLAN processing is performed on the second-layer VE interface VE0/0/2 based on the VLAN Tag information, two-layer forwarding is performed in the CPE terminal equipment (2), and the Ethernet message is forwarded to the second-layer VE interface VE0/0/1;
b4, performing interface VLAN processing on the Ethernet message on a two-layer VE interface VE0/0/1 based on VLAN Tag information, forwarding the Ethernet message to a Tunnel interface Tunnel0/0/1, obtaining a GRE message to be transmitted after GRE encapsulation, transmitting the GRE message to a PE cloud gateway through an mGRE Tunnel through a Tunnel interface Tunnel0/0/1 on CPE terminal equipment (2), wherein the GRE message carries a protocol code.
9. The data transmission method of the three-network cloud interworking system according to claim 8, wherein the decapsulating of the received GRE packet by the PE cloud gateway includes the following steps:
b5, a Tunnel0/0/1 interface on the PE cloud gateway receives a GRE message sent by CPE terminal equipment (2), the GRE message is unpacked on the Tunnel0/0/1 interface to obtain an Ethernet message sent by a 5G wireless communication protocol, and the Ethernet message is forwarded to a two-layer VE interface VE0/0/1 of the PE cloud gateway according to a protocol code carried by the GRE message;
b6, performing interface-in VLAN processing on the Ethernet message on a second-layer VE interface VE0/0/1 based on VLAN Tag information, performing second-layer forwarding in a PE cloud gateway, forwarding the Ethernet message to a second-layer VE interface VE0/0/2, and performing interface-out VLAN processing on the Ethernet message on a second-layer VE interface VE0/0/1 based on VLAN Tag information;
b7, the Ethernet message carries the latest VLAN Tag information, and the Ethernet message is sent to the next node of the three-network cloud intercommunication system through an Ethernet interface GE2/0/0 on the PE cloud gateway.
10. The data transmission method of the three-network cloud intercommunication system according to claim 1, wherein the CPE terminal equipment (2) is a route terminal equipment.
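The GRE encapsulation on the CPE terminal equipment (step a4) and the strict decapsulation on the PE cloud gateway (step a5), as an added example that is not part of the patent text. It assumes the "protocol code" is the GRE Protocol Type field and uses 0x6558 (Transparent Ethernet Bridging) for the Ethernet payload; the function names, the key and sequence values and the sample frame are constructed for illustration.

```python
import struct

GRE_PROTO_TEB = 0x6558  # assumed "protocol code": payload is a bridged Ethernet frame
TPID_8021Q = 0x8100     # EtherType that marks an 802.1Q VLAN tag

def gre_encapsulate(eth_frame, key=None, seq=None):
    """CPE side (step a4): prepend a GRE header to an Ethernet frame."""
    flags = (0x2000 if key is not None else 0) | (0x1000 if seq is not None else 0)
    hdr = struct.pack("!HH", flags, GRE_PROTO_TEB)
    for field in (key, seq):                 # optional key, then sequence number
        if field is not None:
            hdr += struct.pack("!I", field)
    return hdr + eth_frame

def gre_decapsulate(pkt):
    """PE side (step a5): validate the header, return key, seq, VLAN ID, frame."""
    if len(pkt) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack("!HH", pkt[:4])
    if flags & ~0x3000 & 0xFFFF:             # only the K and S bits are accepted;
        raise ValueError("unsupported GRE flags or version")  # checksum not implemented
    if proto != GRE_PROTO_TEB:
        raise ValueError("payload is not bridged Ethernet")
    off, opt = 4, {"key": None, "seq": None}
    for name, bit in (("key", 0x2000), ("seq", 0x1000)):
        if flags & bit:
            if len(pkt) < off + 4:
                raise ValueError("truncated GRE option")
            (opt[name],) = struct.unpack("!I", pkt[off:off + 4])
            off += 4
    frame = pkt[off:]
    if len(frame) < 14:
        raise ValueError("inner Ethernet frame too short")
    vlan = None
    if struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated VLAN tag")
        vlan = struct.unpack("!H", frame[14:16])[0] & 0x0FFF  # 12-bit VLAN ID
    return {"key": opt["key"], "seq": opt["seq"], "vlan": vlan, "frame": frame}

def is_rejected(pkt):
    """True when the PE-side parser refuses the packet."""
    try:
        gre_decapsulate(pkt)
    except ValueError:
        return True
    return False

# Constructed sample: VLAN 100 frame from 02:00:00:00:00:01 to 02:00:00:00:00:02
SAMPLE_FRAME = (bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
                + struct.pack("!HHH", TPID_8021Q, 100, 0x0800) + b"constructed payload")
```

A GRE header carries no authentication of its own, so a packet that passes these checks is only well formed; origin and integrity come from the IPSec protection in claims 3 and 7.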
CN202110811273.4A 2021-07-19 2021-07-19 Data transmission method of three-network cloud intercommunication system Pending CN113556273A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110811273.4A CN113556273A (en) 2021-07-19 2021-07-19 Data transmission method of three-network cloud intercommunication system

Publications (1)

Publication Number Publication Date
CN113556273A true CN113556273A (en) 2021-10-26

Family

ID=78132185

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110811273.4A Pending CN113556273A (en) 2021-07-19 2021-07-19 Data transmission method of three-network cloud intercommunication system

Country Status (1)

Country Link
CN (1) CN113556273A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114070874A (en) * 2021-11-12 2022-02-18 浙江江能建设有限公司 DTU-EDGE series intelligent gateway control system and control method thereof
CN114826826A (en) * 2022-04-28 2022-07-29 北京金山云网络技术有限公司 Network congestion information transmission method and device, public cloud network and electronic equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101262429A (en) * 2008-04-16 2008-09-10 中兴通讯股份有限公司 A system and method for realizing virtual private network communication
CN111510316A (en) * 2019-01-31 2020-08-07 丛林网络公司 Method for communication in SD-WAN, SD-WAN and service provider
CN213244039U (en) * 2020-11-19 2021-05-18 上海地面通信息网络股份有限公司 Three-network cloud intercommunication system based on multi-cloud aggregation connection technology

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
秋天还很好: "GRE详解", 《CSDN》 *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20211026